Excellence, Ethics and Innovation
Committed to the security and privacy of your data, aligned with innovation and excellence in legal services.
1. GOAL
This policy aims to establish the guidelines of the law firm Daniel Silva Boa Sociedade Individual de Advocacia, hereinafter referred to as Boa Advogados, for the processing of personal data in its activities, thus reflecting our commitment to ethics, transparency and respect for privacy. This document emphasizes our dedication to protecting personal data, aligned with our mission to provide high-quality legal services and our vision to be a leader in innovation and client satisfaction by incorporating the advanced use of Generative AI into our processes.
2. VALIDITY
This Boa Advogados Privacy Policy, which replaces previous published versions, comes into force as of its publication and will remain valid for an indefinite period. This policy can be reviewed and updated as necessary, always respecting the responsibility matrix outlined in this document.
3. SCOPE OF THE POLICY
This Privacy Policy applies to all individuals whose personal data is processed by Boa Advogados, including:
- Current and former employees, their dependents, job candidates and office partners;
- Clients, both current and former, and all persons related to them who have legal interactions with us;
- Professionals linked to our suppliers, with whom we have or have had commercial relationships;
- Users who visit our website, participate in our events or physically visit our offices.
4. GENERAL GUIDELINES
Boa Advogados’ Privacy Policy is available both internally, via intranet, and externally on our website www.boaadv.com. It is easy to access for all interested parties, reflecting our commitment to transparency and ethics, in accordance with our mission and values.
In our Policy, we describe in a clear and understandable way how personal data is treated by Boa Advogados, ensuring that data subjects fully understand the use of their information.
The subsequent topics detail the specific purposes for which personal data is used, the retention period for this data, how to access and update it, and how to obtain additional information. This clarification is in line with our vision of being a leading office in excellence and innovation, and with our emphasis on the advanced use of Generative AI to optimize and secure data processing.
5. DETAILS OF PERSONAL DATA
5.1 Employees, Former Employees, Dependents, Candidates and Partners
- Registration Data: Includes name, corporate email, identification documents (RG, CPF, CNH), marital status, date of birth, contacts, address, training and professional qualifications, work history, positions, relationship with PEPs, details about the OAB, among others;
- Financial Data: Remuneration, loans, relevant financial statements;
- Sensitive Data: Biometrics, health information, racial data, union affiliation, if applicable;
- Behavioral Data: Professional experience, performance evaluations.
5.2 CUSTUMERS
- Registration Data: Information such as name, identification, contacts, professional and academic data, among others;
- Financial Data: Related to the services provided;
- Sensitive Data: Union affiliation, health information, and other information relevant to the provision of legal services.
5.3 Supplier Professionals
- Registration Data: Name, identification, contacts, professional information, among others;
- Financial Data: Banking details and remuneration;
- Sensitive Data: Race, digital biometrics, if applicable.
5.4 Website Visitors and Event Attendees
- Registration Data: Name, identification, contacts, professional information, interests, among others;
- Behavioral Data: Use of the website, source of access, interactions at events.
6. Responsibility
Boa Advogados, acting as controlling agent, is responsible for making all decisions pertinent to the processing of personal data, in accordance with the relationships established with the holders of that data. This responsibility is exercised strictly respecting the principles of ethics, transparency and privacy, in line with our mission and values.
7. Poupuses Of Personal Data Processing
At Boa Advogados, pesonal data is processed for various purposes, as detailed below:
7.1. Employees, Former Employees, Dependents, Candidates and Partners
- Recruitment and Talent Management: Selection, hiring, career management, professional development, corporate education, internal communication, and fulfillment of contractual obligations processes;
- Identification of PEPs: For regulatory compliance and office accreditation;
- Publication and Communication: Disclosure of cases and achievements in legal directories and other media, to strengthen the brand;
- Financial Management: Administration of expenses, costs and records for calculating fees;
- Security and Access Control: Physical and digital for employees and third parties on office premises;
- Legal and Tax Records: Maintaining documents to meet legal and tax requirements;
- Brand and Relationship Promotion: Through events, external communication and other initiatives.
7.2 Customers
- Provision of Legal Services: Defense of clients’ interests in judicial and extrajudicial proceedings, and specialized support;
- Document Management: Custody for legal, tax and business support;
- Fee Management: Recording activities for billing;
- Registration and Billing: For issuing invoices and communicating with customers;
- Marketing and Relationships: Customer prospecting, brand promotion and events.
7.3 Suppliers
- Supplier Hiring and Management: Selection, evaluation, registration, contracting and payments;
- Legal and Tax Documents: Custody to support legal and tax requirements;
- Security and Access Control: On office premises;
- Communication and Training: Disclosure of relevant events and training.
7.4 Visitors and Users of the Website
- Prospecting and Marketing: Identification and contact with potential customers;
- Security and Access Control: On office premises;
- Promotion and Relationships: Brand promotion, events and establishing contacts;
- Digital Communication: Engagement through the institutional website and online campaigns.
8. Sharing Of Personal Data
At Boa Advogados, personal data is shared in several situations, detailed below:
8.1 Employees, Former Employees, Dependents, Candidates and Partners
- Sharing with benefit providers (health plan, life insurance, etc.);
- Customers, within the scope of accreditation processes;
- Independent institutions for publications in legal directories;
- Financial and educational institutions for banking and professional development;
- Partner offices and authorities, to comply with legal or regulatory obligations;
- Operating agents for processing data in accordance with our instructions, including technology providers, communications and security companies, and document storage services.
8.2 Customers
- Independent institutions for legal analyzes and publications, maintaining professional secrecy;
- Public and government authorities to comply with legal obligations;
- Operating agents, including specialized service providers, technology providers, event organizers and document holding companies;
- Security providers on office premises.
8.3 Supplier Professionals
Sharing with customers, when requested;
Government and regulatory entities to comply with legal obligations;
Operating agents, including management support services for suppliers, technology providers, and document storage companies;
Security providers on office premises.
8.4 Website Visitors and Users, Event Participants
Operating agents for data processing, including technology providers and event organizers;
Security providers on office premises.
9. TRANSFER OF PERSONAL DATA
At Boa Advogados, we also use cloud-based systems, which implies the possibility of transferring personal data outside Brazil. Currently, this data may be stored in backups located in countries such as the United States, where our cloud service providers maintain their facilities.
To ensure that transferred personal data is processed only for the intended purposes, we implement a number of guarantees and safeguards. This includes adopting specific contractual clauses, standard data protection clauses and compliance with global corporate standards. These measures comply with applicable legislation and reflect our commitment to security, privacy and data integrity, in line with our values of transparency and ethics.
10. DURATION OF PERSONAL DATA RETENTION
At Boa Advogados, personal data collected is kept for the period necessary to fulfill the purposes for which it was collected. This includes the time required to comply with our legal, regulatory and contractual obligations. After this period, personal data is removed or anonymized unless there is an ongoing legitimate purpose or a legal or regulatory obligation that requires its retention for a longer period.
11. SECURITY OF DATA PROCESSED AND IN OUR CUSTODY
11.1 Security Measures Adopted
At Boa Advogados, we adopt strict security standards to protect personal data processed and in our custody, in compliance with applicable laws and regulations:
- Training and governance focused on information security;
- Robust internal data security policies;
- Strict control of data storage, whether on own or contracted servers;
- Use of advanced software to encrypt collected data;
- Effective measures against unauthorized access;
- Restricted and monitored access to personal information, limited only to what is necessary;
- Maintenance of professional secrecy by everyone who accesses the data;
- Application of disciplinary and legal measures in case of misuse of information;
- Commitment to applicable legislation, including adequate management of data storage and deletion, upon demand from the holder;
- Guarantee of access by the holder to their stored personal information.
11.2 Inherent Risks
Despite our efforts to maintain privacy and protect personal data, it is important to recognize that no data transmission is completely secure. Therefore, despite all security measures, we cannot guarantee complete immunity against unauthorized access or malicious methods, such as cyber attacks.
11.3 Responding to Data Breaches
If a data breach occurs in our custody, we commit to using all necessary efforts to remedy the consequences of the incident, in line with our values of transparency, accountability and commitment to excellence and innovation. This includes quickly identifying and resolving any security breaches, as well as communicating effectively with all affected parties.
12. RIGHTS OF THE DATA SUBJECT
12.1 Guaranteed Rights
At Boa Advogados, we guarantee you, the data subject, the full exercise of the rights provided for in article 18 of Law 13,709/2018 (General Personal Data Protection Law – LGPD), as applicable, including:
- Confirmation of the existence of processing of your data;
- Access to the data we hold about you;
- Correction of data that is incomplete, inaccurate or out of date;
- Anonymization, blocking or deletion of unnecessary data or data processed in non-compliance with the LGPD;
- Data portability to another service or product provider, upon express request, respecting commercial and industrial secrets;
- Deletion of data processed with your consent, except for legal exceptions;
- Information about sharing your data with public and private entities;
- Information about the possibility and consequences of not providing consent; It is
- Revocation of consent, in accordance with legislation.
12.2 Request Fulfillment Process
When responding to your requests, Boa Advogados will make every reasonable effort to respond promptly. However, it is important to consider:
Any justifiable delays, given the complexity of the request;
Possible rejections for formal or legal reasons, such as the inability to prove your identity or requests that contradict legal or regulatory requirements.
12.3 Communication in Case of Rejection
If it is impossible to fulfill your request, we will provide a clear and justified explanation for such decision.
13. EXERCISE OF THE HOLDER’S RIGHTS
To exercise the rights related to your personal data, as mentioned in the previous topic, Boa Advogados provides a simple and accessible process. You can make your requests by sending an email to contato@boaadv.com with the subject “MY LGPD DATA” with the necessary information.
This procedure is simple and efficient, ensuring that you can exercise your rights conveniently and without complications. Our commitment is to respond to your requests quickly and in accordance with current legislation.
14. GETTING MORE INFORMATION
14.1 Reading the Policy
We encourage you to read our Privacy Policy in full to obtain all relevant information about the processing of your personal data. This document has been designed to be clear and informative, aiming to ensure that you are fully aware of how your data is handled at Boa Advogados.
14.2 Contact with the Person in Charge (DPO)
If, after reading the policy, you still have questions or require additional clarification, you can contact our DPO officer. To do this, we provide a specific email address: juridico@boaadv.com.
15. DEFINITIONS
For Boa Advogados’ privacy policy, we have adapted the following definitions:
- Website User: Individual who accesses and/or registers on the Boa Advogados website.
- Third party: Individual who visits the Boa Advogados website and facilities, or registers for events available on the website.
- Personal Data: Any information relating to an identified or identifiable natural person, directly or indirectly.
- Sensitive Personal Data: Special category of personal data that concerns racial or ethnic origin, religious beliefs, political opinions, trade union membership, data relating to health or sexual life, genetic or biometric data of a natural person.
- Holder: Natural person to whom the personal data refers, such as users of our website, visitors and registrants of Boa Advogados events.
- Person in Charge (DPO): Person appointed by the Controller and Operator to be the point of contact between the Controller, Data Subjects and the National Data Protection Authority (ANPD).
- Website: Refers to the email address of Boa Advogados and its subdomains.
- Processing: Operations carried out with personal data, including collection, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, control, modification, communication, transfer, dissemination or extraction.
- Controller: Natural or legal person, governed by public or private law, who makes decisions regarding the processing of personal data.
- Operator: Natural or legal person, governed by public or private law, who processes personal data on behalf of the Controller.